Executive Summary

This project involved joint research performed primarily at Oregon State University and The Ohio State University. Software-driven hardware configurations account for the majority of modern safety-critical complex systems. The often costly failures of such systems can be attributed to software-specific, hardware-specific, or software/hardware interaction failures. Understanding how failures propagate in such complex systems can provide critical information to designers, because a software component that does not fail in terms of loss of function can still enter an operational state that causes an associated hardware failure. The least expensive phase of the product life cycle in which to address failures is the design stage. This research presents a means to evaluate, during the conceptual design stage, how a combined software/hardware system behaves and how such failures propagate to produce potential failures downstream. In particular, this research proposes the use of high-level system modeling and model-based reasoning approaches to model failure propagation in combined software-hardware systems, based on the Function-Failure Identification and Propagation (FFIP) analysis framework, to help formalize the design of safety-critical systems.

The main contribution of the research is the "Integrated Failure Analysis Methodology", developed to analyze complex hardware-software systems in a coherent manner. This integrated approach is a unification of two different approaches, namely Function-Failure Identification and Propagation (FFIP) and the Fault Propagation and Simulation Approach (FPSA), used to analyze hardware and software design respectively. The following provides the details of the joint research activities between the two institutions.

• Completed a mapping between elements of the different Unified Modeling Language (UML) diagrams.

• Formulated a software fault propagation and effect analysis approach called the Fault Propagation and Simulation Approach (FPSA), which allows us to propagate faults throughout a software design expressed using UML diagrams. Two variations of FPSA have been introduced: a high-level variant and an executable variant.

• Applied the software fault propagation and simulation approach to the case study of the Space Shuttle Reaction Control System's (RCS) helium tank sub-system.

• Established a collaboration with the Institute for Energy Technology/OECD Halden Reactor Project in Norway, which focuses on the study of Common Cause Failure propagation in digital nuclear reactor upgrades (which are planned for all reactors in the United States) and which will use the methodology in development for AFOSR (see: The OECD Halden Reactor Project).

• Performed a survey, analysis, and classification of software testing techniques that rely on an operational profile (OP), and characterized the type and frequency of the software inputs during testing.

• Established an ontology-based approach used to verify UML model properties. The approach uses ontology-related techniques and tools to represent UML knowledge and properties, specifies models as instances of the ontology, and verifies design correctness and completeness aspects.

• Formalized a hardware failure propagation methodology, the Function-Failure Identification and Propagation (FFIP) analysis framework, for extension to software-hardware system design.

• Developed a full set of models for an electrical power system test-bed, a liquid rocket engine, and a boiling water reactor, and implemented failure scenarios using FFIP in Simulink and ModelCenter.

• Developed new logic rules based on flow state to handle failure modes (as opposed to nominal modes) using functional modeling, and implemented the rules on the three applications above.

• Started the design of an electro-mechanical actuator testbed using FFIP fundamentals to serve as a testbed for our methodology and tools, to be flown at NASA Ames on Air Force and Army platforms to test models and assumptions about actuator failure indicators derived using FFIP.

• Applied FFIP to the design-stage analysis of failures in a Boiling Water Reactor in collaboration with the Helsinki University of Technology; presented to STUK, the safety authority for nuclear power in Finland (the equivalent of the NRC in the United States).

• Formulated an integrated approach for hardware-software fault propagation and failure identification at the early design stage. The integrated approach is based on the metamodel (Figure 1), which describes the relationships between the different hardware-software design elements.

• Transferred knowledge gained from the AFOSR project into a funded effort through DARPA's META-II program.
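The flow-state logic rules and function-failure reasoning described in the bullets above, as an added illustration that is not part of the original report and not the project's own Simulink/ModelCenter models: a hypothetical pressure-fed thruster line (tank, regulator, software-commanded valve, thruster) written in Python. Component behaviour rules map (mode, input flow states) to an output flow state, a function-failure table maps the flow that realises each function to operating/degraded/lost, and a scenario injects component modes, including a software operational state that leaves the valve commanded closed without any hardware component failing. The component names, modes, flow states and rule tables are assumptions chosen for illustration.

```python
"""FFIP-style failure propagation over flow states (added illustration, hypothetical system)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Discrete flow states used by the behaviour rules (assumed vocabulary).
ZERO, LOW, NOMINAL, HIGH = "zero", "low", "nominal", "high"
FLOWS = (ZERO, LOW, NOMINAL, HIGH)
ANY = "*"  # wildcard matching any input state in a rule key


@dataclass
class Component:
    name: str
    inputs: List[str]                   # upstream component names, in rule-key order
    rules: Dict[Tuple[str, ...], str]   # (mode, in_1, in_2, ...) -> output flow state
    mode: str = "nominal"               # behavioural mode injected by a scenario

    def output(self, in_states: Tuple[str, ...]) -> str:
        """First rule whose mode matches and whose input pattern matches (ANY is a wildcard)."""
        for key, out in self.rules.items():
            mode, pattern = key[0], key[1:]
            if mode == self.mode and all(p in (ANY, s) for p, s in zip(pattern, in_states)):
                return out
        raise ValueError(f"{self.name}: no rule for mode={self.mode!r} inputs={in_states}")


def passthrough(mode: str) -> Dict[Tuple[str, ...], str]:
    """Single-input rules that copy the input state to the output in the given mode."""
    return {(mode, s): s for s in FLOWS}


def build_system() -> List[Component]:
    """Hypothetical line in topological order: tank -> regulator -> (controller) -> valve -> thruster."""
    return [
        Component("tank", [], {("nominal",): HIGH, ("leaking",): LOW, ("empty",): ZERO}),
        Component("regulator", ["tank"], {
            # nominal: brings high supply pressure down to the regulated value
            ("nominal", HIGH): NOMINAL, ("nominal", NOMINAL): NOMINAL,
            ("nominal", LOW): LOW, ("nominal", ZERO): ZERO,
            **passthrough("stuck_open"),          # no regulation: passes supply pressure through
            ("stuck_closed", ANY): ZERO,
        }),
        # Software controller: its *operational state* is the command it emits, not a loss of function.
        Component("controller", [], {("nominal",): "open", ("command_stuck_closed",): "closed"}),
        Component("valve", ["regulator", "controller"], {
            **{("nominal", s, "open"): s for s in FLOWS},   # follows the software command
            ("nominal", ANY, "closed"): ZERO,
            ("stuck_closed", ANY, ANY): ZERO,
            **{("stuck_open", s, ANY): s for s in FLOWS},
        }),
        Component("thruster", ["valve"], {**passthrough("nominal"), ("clogged", ANY): LOW}),
    ]


def propagate(components: List[Component]) -> Dict[str, str]:
    """Evaluate each component in list order and record its output flow state."""
    states: Dict[str, str] = {}
    for c in components:
        states[c.name] = c.output(tuple(states[i] for i in c.inputs))
    return states


# Function-failure logic: the flow that realises each function, and how its state maps to health.
FUNCTIONS = {
    "store_pressurant":  ("tank",      {HIGH: "operating", LOW: "degraded", ZERO: "lost"}),
    "regulate_pressure": ("regulator", {NOMINAL: "operating", LOW: "degraded", HIGH: "lost", ZERO: "lost"}),
    "provide_thrust":    ("thruster",  {NOMINAL: "operating", LOW: "degraded", HIGH: "degraded", ZERO: "lost"}),
}


def function_health(states: Dict[str, str]) -> Dict[str, str]:
    """Map propagated flow states to operating / degraded / lost for each function."""
    return {f: table.get(states[comp], "lost") for f, (comp, table) in FUNCTIONS.items()}


def run_scenario(**modes: str) -> Dict[str, str]:
    """Inject component modes (e.g. controller='command_stuck_closed') and return function health."""
    system = build_system()
    by_name = {c.name: c for c in system}
    for name, mode in modes.items():
        by_name[name].mode = mode
    return function_health(propagate(system))


if __name__ == "__main__":
    for label, modes in [("nominal", {}), ("regulator stuck open", {"regulator": "stuck_open"}),
                         ("software command stuck closed", {"controller": "command_stuck_closed"}),
                         ("tank leaking", {"tank": "leaking"})]:
        print(f"{label:32s} {run_scenario(**modes)}")
```

The software-command scenario is the case the summary singles out: every hardware component stays in its nominal mode, yet the controller's operational state drives the valve flow to zero and the "provide thrust" function is reported lost, while "regulate pressure" upstream still reads as operating. Running the same scenario table for each injected mode is the design-stage sweep that FFIP automates.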


Cumulative list of people involved:

1. Prof. Carol Smidts, The Ohio State University, US

2. Chetan Mutha, The Ohio State University, US

Figure 1: Metamodel of the Integrated System Failure Analysis Method